Anonymous / 8 years, 11 months ago

ComboFix 08-12-23.01 - Dawid 2008-12-24 10:06:44.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1045.18.1023.543 [GMT 1:00]
Executando de: c:\documents and settings\Dawid\Pulpit\ComboFix.exe
 * Criado um novo ponto de restauro
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\config.ini

.
((((((((((((((((   Arquivos/Ficheiros criados de 2008-11-24 to 2008-12-24  ))))))))))))))))))))))))))))
.

2008-12-24 08:24 . 2008-12-24 08:24	<DIR>	d--------	c:\windows\LastGood
2008-12-23 15:42 . 2007-05-16 16:45	3,497,832	--a------	c:\windows\system32\d3dx9_34.dll
2008-12-23 15:42 . 2007-05-16 16:45	1,124,720	--a------	c:\windows\system32\D3DCompiler_34.dll
2008-12-23 15:42 . 2007-05-16 16:45	443,752	--a------	c:\windows\system32\d3dx10_34.dll
2008-12-22 12:22 . 2008-12-23 09:10	<DIR>	d--------	c:\program files\HLSW
2008-12-22 11:37 . 2008-12-22 11:37	<DIR>	d--------	c:\program files\FileZilla FTP Client
2008-12-22 11:37 . 2008-12-23 19:25	<DIR>	d--------	c:\documents and settings\Dawid\Dane aplikacji\FileZilla
2008-12-10 17:05 . 2008-12-10 17:05	31	--a------	c:\windows\GunzLauncher.INI
2008-12-10 10:33 . 2008-10-03 11:17	247,326	-----c---	c:\windows\system32\dllcache\strmdll.dll
2008-12-09 18:36 . 2005-05-26 15:34	2,297,552	--a------	c:\windows\system32\d3dx9_26.dll
2008-12-09 14:04 . 2008-12-09 14:08	<DIR>	d--------	c:\documents and settings\Dawid\Dane aplikacji\Winamp
2008-12-08 17:48 . 2008-12-08 17:48	<DIR>	d--------	c:\program files\Common Files\DirectX
2008-12-07 11:48 . 2008-12-07 11:48	87	--a------	C:\Eliminar
2008-12-07 11:47 . 2008-12-07 11:48	0	--a------	C:\Rapid
2008-12-07 11:45 . 2008-12-07 11:49	<DIR>	d--------	C:\RapidBak
2008-12-04 18:40 . 2008-12-04 18:40	<DIR>	d--------	C:\games
2008-11-29 21:49 . 2008-11-29 21:49	0	-ra------	C:\logwmemory.bin
2008-11-29 21:47 . 2008-11-29 21:47	<DIR>	d--------	C:\Soldat
2008-11-29 21:47 . 2008-11-29 21:47	<DIR>	d--------	c:\documents and settings\Dawid\Dane aplikacji\Soldat
2008-11-28 20:42 . 2004-08-04 00:43	82,432	--a------	c:\windows\system32\CNBJMON2.DLL
2008-11-28 20:42 . 2001-10-26 15:42	55,761	--a------	c:\windows\system32\CNBJHLP2.HLP
2008-11-28 20:42 . 2001-10-26 15:42	1,187	--a------	c:\windows\system32\CNBJHLP2.CNT
2008-11-28 20:25 . 2008-12-06 21:22	<DIR>	d-a------	C:\Silkroad
2008-11-28 16:32 . 2008-12-24 08:24	<DIR>	d--------	c:\program files\FlashGet
2008-11-28 16:32 . 2004-08-03 23:14	359,040	--a------	c:\windows\system32\drivers\tcpip.sys.flg
2008-11-27 09:21 . 2008-11-27 09:21	<DIR>	d--------	c:\windows\Sun
2008-11-27 09:20 . 2008-11-27 09:20	410,976	--a------	c:\windows\system32\deploytk.dll
2008-11-27 09:20 . 2008-11-27 09:20	73,728	--a------	c:\windows\system32\javacpl.cpl
2008-11-27 09:19 . 2008-11-27 09:19	<DIR>	d--------	c:\program files\Java
2008-11-26 19:35 . 2008-12-24 10:07	<DIR>	d--h-----	c:\documents and settings\Multi\Ustawienia lokalne
2008-11-26 19:35 . 2008-11-09 11:56	<DIR>	d--------	c:\documents and settings\Multi\Ulubione
2008-11-26 19:35 . 2008-11-09 12:01	<DIR>	d--h-----	c:\documents and settings\Multi\Szablony
2008-11-26 19:35 . 2008-11-09 11:56	<DIR>	d--------	c:\documents and settings\Multi\Pulpit
2008-11-26 19:35 . 2008-11-09 11:56	<DIR>	d--------	c:\documents and settings\Multi\Moje dokumenty
2008-11-26 19:35 . 2008-11-09 11:56	<DIR>	dr-------	c:\documents and settings\Multi\Menu Start
2008-11-26 19:35 . 2008-11-09 11:56	<DIR>	dr-h-----	c:\documents and settings\Multi\Dane aplikacji
2008-11-26 19:35 . 2008-11-26 19:35	<DIR>	d--------	c:\documents and settings\Multi
2008-11-25 20:41 . 2008-11-25 20:41	487,936	--a------	c:\windows\system32\madFlac.ax
2008-11-25 20:39 . 2008-11-25 20:39	3,810,731	--a------	c:\windows\system32\libavcodec.dll
2008-11-25 20:39 . 2008-11-25 20:39	3,596,288	--a------	c:\windows\system32\qt-dx331.dll
2008-11-25 20:39 . 2008-11-25 20:39	2,041,363	--a------	c:\windows\system32\x264vfw.dll
2008-11-25 20:39 . 2008-11-25 20:39	634,880	--a------	c:\windows\system32\divxdec.ax
2008-11-25 20:39 . 2008-11-25 20:39	413,696	--a------	c:\windows\system32\FLVSplitter.ax
2008-11-25 20:39 . 2008-11-25 20:39	397,312	--a------	c:\windows\system32\ff_libfaad2.dll
2008-11-25 20:39 . 2008-11-25 20:39	352,401	--a------	c:\windows\system32\DivXMedia.ax
2008-11-25 20:39 . 2008-11-25 20:39	185,436	--a------	c:\windows\system32\CoreAVCDecoder.ax
2008-11-25 20:39 . 2008-11-25 20:39	172,032	--a------	c:\windows\system32\ff_libdts.dll
2008-11-25 20:39 . 2008-11-25 20:39	143,360	--a------	c:\windows\system32\ff_libmad.dll
2008-11-25 20:39 . 2008-11-25 20:39	135,168	--a------	c:\windows\system32\ff_samplerate.dll
2008-11-25 20:39 . 2008-11-25 20:39	119,296	--a------	c:\windows\system32\libmpeg2_ff.dll
2008-11-25 20:39 . 2008-11-25 20:39	52,224	--a------	c:\windows\system32\ff_liba52.dll
2008-11-25 20:38 . 2008-11-25 20:38	<DIR>	d--------	c:\program files\Real Alternative
2008-11-25 20:38 . 2008-11-25 20:38	755,027	--a------	c:\windows\system32\xvidcore.dll
2008-11-25 20:38 . 2008-11-25 20:38	524,288	--a------	c:\windows\system32\DivXsm.exe
2008-11-25 20:38 . 2008-11-25 20:38	344,394	--a------	c:\windows\system32\xvid.ax
2008-11-25 20:38 . 2008-11-25 20:38	159,839	--a------	c:\windows\system32\xvidvfw.dll
2008-11-25 20:38 . 2008-11-25 20:38	69,632	--a------	c:\windows\system32\divxconfig.exe
2008-11-25 20:38 . 2008-11-25 20:38	4,816	--a------	c:\windows\system32\divxsm.tlb
2008-11-25 20:36 . 2008-11-25 20:40	860,160	--a------	c:\windows\system32\lameACM.acm
2008-11-25 20:36 . 2008-11-25 20:40	516,096	--a------	c:\windows\system32\MP4Splitter.ax
2008-11-25 20:36 . 2008-11-25 20:40	508,052	--a------	c:\windows\system32\libmplayer.dll
2008-11-25 20:36 . 2008-11-25 20:41	258,048	--a------	c:\windows\system32\libFLAC.dll
2008-11-25 20:36 . 2008-11-25 20:40	141,312	--a------	c:\windows\system32\mp4.dll
2008-11-25 20:36 . 2008-11-25 20:40	75,264	--a------	c:\windows\system32\MACDec.dll
2008-11-25 20:36 . 2008-11-25 20:39	56,832	--a------	c:\windows\system32\ff_unrar.dll
2008-11-25 20:36 . 2008-11-25 20:39	23,552	--a------	c:\windows\system32\ff_wmv9.dll
2008-11-25 20:21 . 2008-12-21 13:06	69	--a------	c:\windows\NeroDigital.ini
2008-11-25 17:30 . 2008-12-10 20:25	<DIR>	d--------	c:\program files\Nowe Gadu-Gadu
2008-11-25 17:20 . 2008-11-25 17:26	<DIR>	d--------	c:\program files\Gadu-Gadu

.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 17:54	163,644	----a-w	c:\windows\system32\drivers\secdrv.sys
2008-11-25 19:40	79,360	----a-w	c:\windows\system32\mkzlib.dll
2008-11-25 19:40	23,552	----a-w	c:\windows\system32\mkunicode.dll
2008-11-25 19:40	163,840	----a-w	c:\windows\system32\ts.dll
2008-11-25 19:40	159,744	----a-w	c:\windows\system32\mmfinfo.dll
2008-11-25 19:40	148,992	----a-w	c:\windows\system32\mkx.dll
2008-11-25 19:40	120,832	----a-w	c:\windows\system32\ogm.dll
2008-11-25 19:40	108,032	----a-w	c:\windows\system32\avi.dll
2008-11-25 19:35	921,600	----a-w	c:\windows\system32\vorbisenc.dll
2008-11-25 19:35	9,216	----a-w	c:\windows\system32\cpuinf32.dll
2008-11-25 19:35	892,928	----a-w	c:\windows\system32\iconv.dll
2008-11-25 19:35	45,056	----a-w	c:\windows\system32\ogg.dll
2008-11-25 19:35	245,760	----a-w	c:\windows\system32\mplvpx.dll
2008-11-25 19:35	237,568	----a-w	c:\windows\system32\OggDS.dll
2008-11-25 19:35	188,416	----a-w	c:\windows\system32\vorbis.dll
2008-11-25 19:35	1,415,680	----a-w	c:\windows\system32\WMV9VCM.dll
2008-11-25 18:03	---------	d-----w	c:\program files\ECSRO
2008-11-21 13:41	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Nero
2008-11-21 13:39	---------	d-----w	c:\program files\Common Files\Nero
2008-11-21 13:38	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-21 11:49	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Nowe Gadu-Gadu
2008-11-17 17:26	---------	d-----w	c:\program files\Common Files\Enterbrain
2008-11-16 11:45	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Acreon
2008-11-14 13:07	---------	d-----w	c:\program files\Common Files\Blizzard Entertainment
2008-11-10 15:50	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\teamspeak2
2008-11-10 15:37	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Ventrilo
2008-11-10 15:36	---------	d-----w	c:\program files\Ventrilo Mix
2008-11-10 07:05	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Tibia
2008-11-09 20:55	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Gadu-Gadu
2008-11-09 20:05	71,137	----a-w	c:\windows\BricoPackUninst.cmd
2008-11-09 20:05	5,464	----a-w	c:\windows\BricoPackFoldersDelete.cmd
2008-11-09 19:56	219,648	----a-w	c:\windows\system32\uxtheme.dll
2008-11-09 19:16	---------	d-----w	c:\program files\Styler
2008-11-09 19:10	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\ViStart
2008-11-09 19:09	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\Styler
2008-11-09 19:08	---------	d-----w	c:\program files\WinFlip
2008-11-09 19:08	---------	d-----w	c:\program files\TrueTransparency
2008-11-09 17:55	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\ESET
2008-11-09 17:14	---------	d-----w	c:\program files\Intel
2008-11-09 17:12	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-09 17:12	---------	d-----w	c:\program files\Common Files\InstallShield
2008-11-09 13:06	---------	d-----w	c:\documents and settings\Dawid\Dane aplikacji\MSN6
2008-11-09 13:06	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\MSN6
2008-11-09 11:16	---------	d-----w	c:\program files\PowerQuest
2008-11-09 11:05	---------	d-----w	c:\program files\microsoft frontpage
2008-11-09 11:02	---------	d-----w	c:\program files\Uslugi online
2008-11-04 08:35	499,712	----a-w	c:\windows\system32\msvcp71.dll
2008-11-04 08:35	348,160	----a-w	c:\windows\system32\msvcr71.dll
2008-10-24 11:10	453,632	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01	283,648	----a-w	c:\windows\system32\gdi32.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-16 10:39	662,016	----a-w	c:\windows\system32\wininet.dll
2008-10-03 10:17	247,326	----a-w	c:\windows\system32\strmdll.dll
2008-10-02 09:07	453,152	----a-w	c:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Steam"="d:\program files\steam\steam.exe" [2008-11-09 1410296]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-16 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Skrót do strony wlasciwosci High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dawid\Menu Start\Programy\Autostart\
RocketDock.lnk - d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
UberIcon.lnk - d:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Steam\\steamapps\\iskras\\counter-strike\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Silkroad\\Silkroad.exe"=
"c:\\Program Files\\ECSRO\\SilkErrSender.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Soldat\\Soldat.exe"=
"d:\\AeriaGames\\MegaTen\\ImagineUpdate.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 ekrn;Eset Service;"d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-09-17 468224]

*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKLM-Run-WinampAgent - d:\program files\Winamp\winampa.exe


.
------- Scan Suplementar -------
.
IE: &使用快车(FlashGet)下载 - c:\program files\FlashGet\jc_link.htm
IE: &使用快车(FlashGet)下载全部链接 - c:\program files\FlashGet\jc_all.htm
IE: &????(FlashGet)?? - c:\program files\FlashGet\jc_link.htm
IE: &????(FlashGet)?????? - c:\program files\FlashGet\jc_all.htm
IE: &????(FlashGet)?? - c:\program files\FlashGet\jc_link.htm
IE: &????(FlashGet)?????? - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\Dawid\Dane aplikacji\Mozilla\Firefox\Profiles\hnm0tiga.default\
FF - prefs.js: browser.startup.homepage - google.pl
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 10:07:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe"
.
Tempo para conclusão: 2008-12-24 10:08:26
ComboFix-quarantined-files.txt  2008-12-24 09:08:23

Pré-execução: 3 161 767 936 bajtów wolnych
Pós execução: 3,460,354,048 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

233	--- E O F ---	2008-12-24 07:25:40